Hi Dmitri Yes that’s the idea: same permissions but attached to tags instead of entities (and entities will have tag). We can imagine to use this model by default using “default” tag for instance.
Regards JB Le mer. 15 oct. 2025 à 19:07, Dmitri Bourlatchkov <[email protected]> a écrit : > Hi JB, > > This is certainly an interesting idea! > > Are you thinking about keeping current Polaris permissions, but attaching > them to tags instead of entities? > > Thanks, > Dmitri. > > On Wed, Oct 15, 2025 at 3:15 AM Jean-Baptiste Onofré <[email protected]> > wrote: > > > Hi folks, > > > > Maybe you know, I'm working on an Iceberg component for Apache Camel. > > I have a first version that works and I implemented a simple route > > consuming from a Kafka topic, processing the Kafka record and > > inserting data into Iceberg tables. The component is able to > > "dynamically" create Iceberg namespaces/tables (by configuration or by > > using patterns in the Kafka record). > > > > I did a test using Iceberg/Polaris, and I created a bunch of Iceberg > > namespaces/tables without problem. > > > > The "problem" is that the work to create all the permissions on > > entities (namespaces/tables). From an user perspective, it's a bit > > painful to define the permissions (read, write, etc) on each single > > entity (especially in my case, the permissions are basically the > > same). > > > > To ease this, I propose to have an Attribute Based Access Control: > > instead of applying the permissions on a specific entity, the > > permissions is on a "tag" and then the permissions definition is on a > > tag (and so it will apply to all entities with the tag). > > > > This tag could be explicit on an entity (so the persistence model > > would have a new "tag" field) or based on entity property. > > > > If the community thinks it's interesting, I can draft a proposal > > document, create an issue and a draft PR. > > > > Thoughts ? > > > > Thanks, > > Regards > > JB > > >
